package com.mulesoft.connectors.sharepoint.internal.connection.oauth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.mulesoft.connectors.sharepoint.api.KeyStoreType;
import com.mulesoft.connectors.sharepoint.internal.error.exception.SharepointException;
import com.mulesoft.connectors.sharepoint.internal.error.exception.SharepointValidationException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.HashMap;
import java.util.UUID;
import org.mule.runtime.core.api.util.StringUtils;

/* loaded from: input_file:com/mulesoft/connectors/sharepoint/internal/connection/oauth/AssertionGenerator.class */
public class AssertionGenerator {
    private static final String CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private static final String SHA_1 = "SHA-1";
    private final String keyStorePath;
    private final String keyStorePassword;
    private final String keyStoreAlias;
    private final KeyStoreType keyStoreType;
    private final String keyPassword;
    private final String clientId;
    private final String tokenUrl;

    public AssertionGenerator(String str, String str2, String str3, KeyStoreType keyStoreType, String str4, String str5, String str6) {
        this.keyStorePath = str;
        this.keyStorePassword = str2;
        this.keyStoreAlias = str3;
        this.keyStoreType = keyStoreType;
        this.keyPassword = StringUtils.isBlank(str4) ? str2 : str4;
        this.clientId = str5;
        this.tokenUrl = str6;
    }

    public String generate() {
        try {
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreType.name());
            keyStore.load(getStream(), this.keyStorePassword.toCharArray());
            Certificate certificate = keyStore.getCertificate(this.keyStoreAlias);
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) keyStore.getKey(this.keyStoreAlias, this.keyPassword.toCharArray());
            HashMap hashMap = new HashMap();
            hashMap.put("alg", "RS256");
            hashMap.put("typ", "JWT");
            hashMap.put("x5t", Base64.getEncoder().encodeToString(MessageDigest.getInstance(SHA_1).digest(certificate.getEncoded())));
            ZonedDateTime now = ZonedDateTime.now();
            return JWT.create().withHeader(hashMap).withAudience(new String[]{this.tokenUrl}).withExpiresAt(now.plusMinutes(5L).toInstant()).withIssuer(this.clientId).withJWTId(UUID.randomUUID().toString()).withNotBefore(now.toInstant()).withSubject(this.clientId).withIssuedAt(now.toInstant()).sign(Algorithm.RSA256((RSAPublicKey) certificate.getPublicKey(), rSAPrivateKey));
        } catch (Exception e) {
            throw new SharepointValidationException("Failed to generate the JWT assertion.", e);
        }
    }

    private InputStream getStream() throws IOException {
        try {
            return Files.newInputStream(Paths.get(this.keyStorePath, new String[0]), new OpenOption[0]);
        } catch (NoSuchFileException e) {
            if (getClass().getClassLoader().getResource(this.keyStorePath) == null) {
                throw new SharepointException("Path to keystore is empty.");
            }
            return getClass().getClassLoader().getResourceAsStream(this.keyStorePath);
        }
    }

    public String getAssertionType() {
        return CLIENT_ASSERTION_TYPE;
    }
}
